What is the problem between NAT/PAT-ed network with SIP?

Unanswered Question
Nov 5th, 2008

Hi guys,

I'm not really good at voice - so please bare with me :)

I have a situation where I cant make a voip call via SIP using class4/5 softswitch behind NAT/PAT network.

The diagram :

NAT/PAT --- cloud/MPLS --- softswitch.

the softswitch provides IP centrex service - so there will be caller-group. the 2nd problem was that in a caller-group It cant establish a call origin from ip 1.1 back to ip 1.1. And i cant touch that softswitch (its xener - i dont exactly know what type). I'm wondering this softswitch capability - anyone using it?.

We have tested using other SIP server (using asterisk-based softswitch) and sniffed all SIP-related traffic - we have 403 error and the like - but my opinion its the PEs NAT router that dropped the SIP handshake - so the RTP wont pass-thru both caller/called party.

Modifying a single PE probably easy - but my catch is that - as long as I have some NAT router/firewall along the PE and softswitch path it will not work, correct?

Before i go further with Cisco Unified Border Element and Session Border Controller proposal - anyone would like to give me a comment about my understanding from above scenario?

any help would be appreciated,

thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
hadbou Tue, 11/11/2008 - 15:27

The NAT Support for SIP feature allows SIP embedded messages passing through a router configured with Network Address Translation (NAT) to be translated and encoded back to the packet. An application layer gateway (ALG) is used with NAT to translate the SIP or SDP messages.

See the following url for more details about NAT support for SIP:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftnatsip.html

intelide3 Tue, 11/11/2008 - 18:21

hi hadbou,

thank you for reply, and for the link.

does this ALG - ip nat service command will work for the SIP data (RTP) reply? since it uses UDP on random ports? or should i just open some UDP port range in the NAT router?

this was more like troubleshooting ipsec and FTP over NAT to me.

and about my scenario : on the PEs - do I need to make another hop (PBR) to some ALG-enabled routers - because we use multivendor edge routers?

thank you for the reply.

Actions

This Discussion